ACME (Let's Encrypt protocol) Component for Delphi Tokyo 10.2.3
Clone or download
Execute
Execute Merge branch 'master' of https://github.com/tothpaul/DelphiACME
(I have to change the name of the component and repository...hope it will work as expected !)
Latest commit 18f3cf8 Dec 3, 2018

readme.md

ACME (Let's Encrypt protocol) component for Delphi Tokyo

(c)2018 by Execute SARL

Purpose

TExecuteACME component let you request a "Let's Encrypt" certificate for you domain.

The component supports HTTP Challenge, you can use a self hosted WebServer (TidHTTPServer) to validate the certificate or use the OnHttpChallenge event to store the challenge reply on your website.

In both case you need to manage the domain's HTTP (not HTTPS) server.

Installation

this component is compatible with Delphi Tokyo 10.2.3 (even the Community Edition).

  1. Download the repository
  2. Open ACMEGroup.groupproj
  3. Right click on the project "Execute.ACMEDesign.bpl" and install it
  4. Select the ACMEDemo project
  5. Compile and run the Application

the application requires OpenSSL (libeay32.dll and ssleay32.dll) on the first start, the application can create Account.key and Domain.key for you, (generating a 4096bits take some time, this is normal).

Account.key will be your Let's Encrypt account private key, place it on a safe place (with a password).

Domain.key is the private key for the domain (same recommandations).

How does it work ?

1. Registration request

TExecuteACME.RegisterDomain();
 -> Account.key     -> register a Let's Encrypt account.
 -> Domain.key      -> send a Certification Signing Request.
 -> OnHttpChallenge -> store the challenge Token & Thumbprint.
 -> OnDone          -> the certificate is not ready yet, try later.

2. HTTP Challenge

Let's Encrypt -> http://(domain)/.well-known/acme-challenge/(token) <- Thumbprint

3. Retrieve the certificate

(you have to do this periodically because the certificate lives only for 90 days !)

TExecuteACME.RegisterDomain();
 -> Account.key     -> Retrieve account status.
 -> Domain.key      -> Retrieve the Certificate from Let's Encrypt.
 -> OnCertificate   -> store the updated certificate.

4. Revoke certificate (if required)

 TExecuteACME.UnRegisterDomain();
 -> Domain.key      -> Revoke Certificat
 -> OnDone          -> the certificate is revoked.

Licence

this repository contains the full source code of the demo application for the CLOSED SOURCE component TLetsEncrypt.

you'll find the compiled Execute.ACME.dcu unit in the lib folder and the Interface part of the Unit in Execute.ACME.Interface.pas.

screen

This component is NOT FREE !

You have to register a licence to use it in any commercial product

you are NOT allowed to use this component to register a commercial website certificate without a registered licence.

You can buy the component source code for 50€ per developper up to 200€ (site licence).

Minor version updates indefinitely and major version updates for 1 year from date of purchase.

If I sell 100 licences (5.000€), the component will be released under GPL :)

Even then you'll still be able to buy a commercial licence for my part of the component.

Feedbacks are welcome.